Cyber security is the practice of defending computers, servers, mobile devices,

electronic systems, networks, and data from malicious attacks. It's also known as
information technology security or electronic information security. The term applies in a
variety of contexts, from business to mobile computing, and can be divided into a few
common categories.

·         Network security is the practice of securing a computer network from intruders,

whether targeted attackers or opportunistic malware.
·         Application security focuses on keeping software and devices free of threats. A
compromised application could provide access to the data its designed to protect.
Successful security begins in the design stage, well before a program or device is
deployed.
·         Information security protects the integrity and privacy of data, both in storage and in
transit.
·         Operational security includes the processes and decisions for handling and
protecting data assets. The permissions users have when accessing a network and the
procedures that determine how and where data may be stored or shared all fall under
this umbrella.
·         Disaster recovery and business continuity define how an organization responds to
a cyber-security incident or any other event that causes the loss of operations or data.
Disaster recovery policies dictate how the organization restores its operations and
information to return to the same operating capacity as before the event. Business
continuity is the plan the organization falls back on while trying to operate without
certain resources.
·         End-user education addresses the most unpredictable cyber-security factor: people.
Anyone can accidentally introduce a virus to an otherwise secure system by failing to
follow good security practices. Teaching users to delete suspicious email attachments,
not plug in unidentified USB drives, and various other important lessons is vital for the
security of any organization.
The scale of the cyber threat
The global cyber threat continues to evolve at a rapid pace, with a rising number of data
breaches each year. A report by RiskBased Security revealed that a shocking 7.9 billion
records have been exposed by data breaches in the first nine months of 2019 alone.
This figure is more than double (112%) the number of records exposed in the same
period in 2018.

Medical services, retailers and public entities experienced the most breaches, with
malicious criminals responsible for most incidents. Some of these sectors are more
appealing to cybercriminals because they collect financial and medical data, but all
businesses that use networks can be targeted for customer data, corporate espionage,
or customer attacks.

With the scale of the cyber threat set to continue to rise, the International Data
Corporation predicts that worldwide spending on cyber-security solutions will reach a
 massive $133.7 billion by 2022. Governments across the globe have responded to the
rising cyber threat with guidance to help organizations implement effective cyber-
security practices.
In the U.S., the National Institute of Standards and Technology (NIST) has created
a cyber-security framework. To combat the proliferation of malicious code and aid in
early detection, the framework recommends continuous, real-time monitoring of all
electronic resources.
The importance of system monitoring is echoed in the “10 steps to cyber security”,
guidance provided by the U.K. government’s National Cyber Security Centre. In Australia,
The Australian Cyber Security Centre (ACSC) regularly publishes guidance on how organizations
can counter the latest cyber-security threats. 
Types of cyber threats
The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to

cause disruption.
2. Cyber-attack often involves politically motivated information gathering.
3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common
methods used to threaten cyber-security:

Malware
Malware means malicious software. One of the most common cyber threats, malware is
software that a cybercriminal or hacker has created to disrupt or damage a legitimate
user’s computer. Often spread via an unsolicited email attachment or legitimate-looking
download, malware may be used by cybercriminals to make money or in politically
motivated cyber-attacks.

There are a number of different types of malware, including:

·        Virus: A self-replicating program that attaches itself to clean file and spreads
throughout a computer system, infecting files with malicious code.
·        Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick
users into uploading Trojans onto their computer where they cause damage or collect
data.
·        Spyware: A program that secretly records what a user does, so that cybercriminals can
make use of this information. For example, spyware could capture credit card details.
·        Ransomware: Malware which locks down a user’s files and data, with the threat of
erasing it unless a ransom is paid.
·        Adware: Advertising software which can be used to spread malware.
·        Botnets: Networks of malware infected computers which cybercriminals use to perform
tasks online without the user’s permission.
SQL injection
An SQL (structured language query) injection is a type of cyber-attack used to take
control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-
driven applications to insert malicious code into a databased via a malicious SQL
statement. This gives them access to the sensitive information contained in the
database.

Phishing
Phishing is when cybercriminals target victims with emails that appear to be from a
legitimate company asking for sensitive information. Phishing attacks are often used to
dupe people into handing over credit card data and other personal information.
Man-in-the-middle attack
A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts
communication between two individuals in order to steal data. For example, on an
unsecure WiFi network, an attacker could intercept data being passed from the victim’s
device and the network.

Denial-of-service attack
A denial-of-service attack is where cybercriminals prevent a computer system from
fulfilling legitimate requests by overwhelming the networks and servers with traffic. This
renders the system unusable, preventing an organization from carrying out vital
functions.

Latest cyber threats

What are the latest cyber threats that individuals and organizations need to guard
against? Here are some of the most recent cyber threats that the U.K., U.S., and
Australian governments have reported on.

Dridex malware
In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an
organized cyber-criminal group for their part in a global Dridex malware attack. This
malicious campaign affected the public, government, infrastructure and business
worldwide.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it
infects computers though phishing emails or existing malware. Capable of stealing
passwords, banking details and personal data which can be used in fraudulent
transactions, it has caused massive financial losses amounting to hundreds of millions.

In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the
public to “ensure devices are patched, anti-virus is turned on and up to date and files
are backed up”.
Romance scams
In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that
cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take
advantage of people seeking new partners, duping victims into giving away personal
data.

The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019,
with financial losses amounting to $1.6 million.
Emotet malware
In late 2019, The Australian Cyber Security Centre warned national organizations about
a widespread global cyber threat from Emotet malware.
Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet
thrives on unsophisticated password: a reminder of the importance of creating a secure
password to guard against cyber threats.
End-user protection
End-user protection or endpoint security is a crucial aspect of cyber security. After all, it
is often an individual (the end-user) who accidentally uploads malware or another form
of cyber threat to their desktop, laptop or mobile device.

So, how do cyber-security measures protect end users and systems? First, cyber-
security relies on cryptographic protocols to encrypt emails, files, and other critical data.
This not only protects information in transit, but also guards against loss or theft.

In addition, end-user security software scans computers for pieces of malicious code,
quarantines this code, and then removes it from the machine. Security programs can
even detect and remove malicious code hidden in primary boot record and are designed
to encrypt or wipe data from computer’s hard drive.
Electronic security protocols also focus on real-time malware detection. Many use
heuristic and behavioral analysis to monitor the behavior of a program and its code to
defend against viruses or Trojans that change their shape with each execution
(polymorphic and metamorphic malware). Security programs can confine potentially
malicious programs to a virtual bubble separate from a user's network to analyze their
behavior and learn how to better detect new infections.

Security programs continue to evolve new defenses as cyber-security professionals

identify new threats and new ways to combat them. To make the most of end-user
security software, employees need to be educated about how to use it. Crucially,
keeping it running and updating it frequently ensures that it can protect users against
the latest cyber threats.

Cyber safety tips - protect yourself against

cyberattacks
  How can businesses and individuals guard against cyber threats? Here are our top
cyber safety tips:

1.      Update your software and operating system: This means you benefit from the latest
security patches.
2.      Use anti-virus software: Security solutions like Kaspersky Total Security will detect
and removes threats. Keep your software updated for the best level of protection.
3.      Use strong passwords: Ensure your passwords are not easily guessable.
4.      Do not open email attachments from unknown senders: These could be infected
with malware.
5.      Do not click on links in emails from unknown senders or unfamiliar websites:This
is a common way that malware is spread.
6.      Avoid using unsecure WiFi networks in public places: Unsecure networks leave
you vulnerable to man-in-the-middle attacks.
 Data Privacy
Data Privacy Definition
Data Privacy describes the practices which ensure that the data shared by customers is
only used for its intended purpose. In a world with ever-growing mountains of big data,
privacy is an increasing topic of scrutiny.

Information privacy is the right of individuals to have control over how their personal
information is collected and used. Many consider data privacy to be the most significant
consumer protection issue today. One factor which contributes to this is growing
technological sophistication, and the resulting types of data collected.

Data privacy laws such as the United States’ Health Insurance Portability and
Accountability Act (HIPAA) govern specific types of data. Other examples like the
Electronic Communications Privacy Act (ECPA) extend government restrictions on
wiretaps to include transmissions of electronic data. The Children’s Online Privacy
Protection Act (COPPA) gives parents control over what information websites can
collect from their kids. While the EU’s General Data Protection Regulation (GDPR)
gives citizens new control over their data and their interactions with companies.
Compliance officers within an organization are responsible for designing a data privacy
policy so understanding data privacy regulations like these is a key element of the role.

What is Data Privacy?

At the highest level, privacy is the right of a citizen to be left alone, or freedom from
interference or intrusion. Data privacy is the right of a citizen to have control over how
personal information is collected and used. Data protection is a subset of privacy. This
is because protecting user data and sensitive information is a first step to keeping user
data private.

US data privacy laws are regulated at the federal level. There are a growing number of
data privacy laws by state. One example is the California Consumer Privacy Act
(CCPA). A data privacy officer or compliance officer within each organization will ensure
the practices and programs that comply with these laws. Compliance requirements for
data privacy are getting more complex as different jurisdictions enact their data
protection laws.

Why is Data Privacy Important?

The ability to deliver and enforce a healthy company data privacy policy is growing in
importance as a measure of trust. Information privacy is becoming more complex by the
minute. The sophisticated nature of technological development means new kinds of
personal data are being collected from customers and citizens.
Jurisdictions including federal, states, and international bodies like the European Union
are enacting new data privacy regulations. New regulations get enacted thanks to
growing awareness among citizens and lawmakers who may not be data or technical
experts. High-profile data breaches have created heightened concern about how data
may be protected and kept private. Most regulators can exact hefty fines to enforce their
data privacy requirements. Consumer and regulator concern about protecting sensitive
data means jurisdictions are passing new data privacy acts and penalties to enforce
them.

What are the Benefits of Complying with Data

Privacy Laws?
Healthy data privacy programs which protect data and personally identifiable
information have a number of benefits for organizations.

First, the fines and penalties written into data privacy regulations can be quite steep. For
example, under the EU’s General Data Protection Regulation (GDPR), organizations
can be fined 4% of annual global revenue or 20 million euros. Beyond the potential
punitive costs, cost-savings are possible benefits of a program that addresses key data
privacy issues. Data protection regulations like GDPR require not only safeguarding
user data, but also responding and sharing data upon request. Clean, efficient
processes for the organization to meet these data governance obligations can reap
substantial cost-savings.

In January 2019, Cisco reported that two-thirds of companies say they are seeing sales
delays due to data privacy questions from their customers. Violations of data privacy
erode consumer, investor, and stakeholder trust in the organization. When a
stakeholder has doubts about the organization’s ability to prevent identity theft, they
may be unwilling to conduct business with that organization. Conversely, this
awareness makes people more likely to do business with organizations that understand
their obligations under consumer data privacy laws. An organization that demonstrates
a solid understanding of data privacy principles is often seen as a leader in their
category. Healthy data privacy programs are only possible with investment and support
from the leadership team. Smart corporate board directors will grasp the value of this
approach.

Data Privacy vs Data Security?

Data privacy and data security are separate but related concepts. Both data security
and privacy relate to control of the user’s data. However they have distinct meanings.
Data security is the policies and procedures that apply to protecting sensitive data
stored within the company from malicious intruders. These policies help ensure data
confidentiality, integrity and availability.
Data privacy principles are the policies and procedures governing who may access the
data. This includes people within the organization or department that has been granted
access. Therefore, it’s possible to have a healthy security stance without addressing
data privacy basics. However, it’s not possible to ensure data privacy without a solid
security stance.

How Important is Data Privacy?

Data privacy is arguably one of the most important considerations in a company’s
compliance program. Some data protection regulations have enforcement fines
attached to them. Others have regulatory orders overseeing them for as many as 20
years. Guided by these laws and regulations, it behooves the organization to develop a
healthy program to protect sensitive data.

Organizations that implement a healthy data privacy program reduce the number of
security incidents that result in privacy breaches. Fewer breaches mean the business
does not lose trust. Guarding against this erosion of trust is important to prevent losing
customers or other types of business. It also saves the business from fines, multi-year
penalties, or civil suits which often follow on significant breaches.

Besides an impact on the business, consider that data privacy issues can hurt the
individuals affected. Loss of personally identifiable information can negatively impact
individual users, customers or citizens. Cases have been reported of data subjects
dealing with breach and privacy problems for decades after data loss. Beyond the
punitive impacts enshrined in data protection regulations, an organization may be held
liable by the individual for these issues.

Forbes reported in 2014 that 46% of organizations suffered damage to their reputation
and brand value as a result of a privacy breach. The benefits of complying with data
privacy laws grow in clarity every day in a world where new jurisdictions are passing
their own data protection regulations.

Examples of Data Privacy Risks?

In order to secure a data privacy certification from one of the trusted audit organizations,
such as ISO, SOC II, or HIPAA compliance, an organization must show they prevent
data privacy risks. Some key examples of cloud data privacy challenges can include:

1. Vulnerabilities in Web Applications

Any software hosted in the cloud or on the web should be fully vetted and secure
before deploying within an otherwise secure organization. Have a data privacy
compliance checklist to protect your program before installing something new.
2. Insiders and Poorly-Trained Employees
Every member of your team should be fully trained and aware of the data privacy
basics for which they are responsible. Care given to crafting and enforcing a
corporate data privacy policy can ensure this is successful.
 3. Lacking Breach Response
An important part of a data privacy compliance program is an incident response plan.
Make sure you have a clear plan in place, rehearsed, and that the command line is
ready to deploy this plan when any issues arise.
4. Inadequate Personal Data Disposal
Personal data should be kept only as long as the relationship with the customer or
employee (and related legal obligations) are in effect. Your organization can incur
significant fines under the EU’s General Data Protection Regulation (GDPR) if this
program does not perform this function.
5. Lack of Transparency in Privacy Policies, Terms and Conditions
Ensure every customer, vendor, user or investor can understand your privacy
policies, terms and conditions. Ensure they are clear on what they are agreeing to,
and on the obligations to which they are subscribing.
6. Collection of Unnecessary Data
Collecting data should always be done with a specific purpose for which consent has
been received. Most data protection laws and regulations mandate an organization
may not collect more data than is required for the transaction. A data privacy consent
form can help explain your company’s policies and what the user is consenting to.
7. Personal Data Sharing
Be sure to inform all users before any personally identifiable information leaves the
database in your organization for which permission has been granted.
8. Incorrect or Outdated Personal Data
Individuals have the right to rectify outdated or uncorrected personal data under most
data privacy laws and regulations. This is an important update in data privacy
protection. Ensure your organization has a specific policy and actionable procedures
in place to allow users to exercise this right.
9. Session Expiration Problems
When a data subject provides personal information to a web application, session
expiration can create risk. If a data subject abandons their session and their data is
exposed, the organization may be held liable for this cloud data privacy breach.
10. Data transfer Over Insecure Channels
Always use secure channels and protocols (e.g. SFTP, TLS) to transmit sensitive
data. When data is exposed through insecure channels (e.g. FTP, HTTP), incidents
can occur.
11. Extra Credit: Dealing With the Unknown
Ensure your team, procedures, and command line are prepared for unexpected
contingencies. The big data privacy challenges of the modern business landscape
present new threats and compliance challenges on a regular basis. A healthy
program for data governance security and privacy can adapt and adjust to keep your
organization compliant and secure.

Does Emotiv offer Data Privacy Protection?

Data generated by EMOTIV products or services is automatically encrypted, stored and
securely backed up to user accounts through our proprietary EMOTIV Cloud software.
EMOTIV is committed to securing and handling your information with administrative,
technical, and physical safeguards by design and follows all laws and regulations
closely using industry-standard encryption.

You can store and access your EEG data from anywhere with peace of mind knowing
that it’s fully protected and private. All EMOTIV employees are trained in secure and
respectful handling of personal data, as per GDPR and California Consumer Privacy Act
(CCPA) requirements.